448d4b8e6831d7053d8cea985369531b50478009afa776f08cd5370fb5e57261

Analysis

max time kernel
148s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2bb495e8d1dc04788a04812d0045fd71.exe
Size

184KB
MD5

2bb495e8d1dc04788a04812d0045fd71
SHA1

8996981bf38299187cb6eaa1e4533d49d4de995b
SHA256

448d4b8e6831d7053d8cea985369531b50478009afa776f08cd5370fb5e57261
SHA512

4216018d672dacb2447bcea72d4ffe9ef0a6234c5c1606fa8f041a50b3984b51a970c2fb8fe55d613a4f65c93ca91cee8968a76f1ba61ffec241a2f29eac4607
SSDEEP

3072:/4B9ocQ/jA0lEjJdTAW4zTbg6MP633IIpvexWwP5+olPdpjk:/4Pohc0lEd0W4zZ11dolPdpj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2752	Unicorn-30444.exe
2776	Unicorn-56738.exe
2792	Unicorn-23319.exe
2736	Unicorn-58726.exe
2632	Unicorn-18248.exe
2732	Unicorn-29946.exe
1592	Unicorn-17767.exe
2008	Unicorn-18836.exe
1748	Unicorn-27004.exe
2636	Unicorn-21389.exe
1076	Unicorn-56801.exe
2132	Unicorn-35307.exe
1760	Unicorn-29557.exe
1892	Unicorn-54658.exe
2664	Unicorn-52390.exe
1968	Unicorn-23609.exe
1800	Unicorn-19376.exe
900	Unicorn-60963.exe
1788	Unicorn-11015.exe
2360	Unicorn-107.exe
2500	Unicorn-61560.exe
2300	Unicorn-37610.exe
876	Unicorn-65452.exe
2284	Unicorn-16335.exe
1192	Unicorn-62795.exe
1960	Unicorn-22509.exe
2672	Unicorn-42375.exe
2708	Unicorn-51098.exe
2716	Unicorn-46822.exe
2884	Unicorn-62411.exe
1584	Unicorn-22125.exe
548	Unicorn-21379.exe
2488	Unicorn-62774.exe
1596	Unicorn-27238.exe
612	Unicorn-47658.exe
1652	Unicorn-52297.exe
2736	Unicorn-3096.exe
1048	Unicorn-21701.exe
2784	Unicorn-5919.exe
2880	Unicorn-58457.exe
1312	Unicorn-55525.exe
1120	Unicorn-59609.exe
1344	Unicorn-19982.exe
872	Unicorn-11923.exe
2292	Unicorn-7751.exe
1548	Unicorn-46023.exe
2200	Unicorn-19345.exe
1272	Unicorn-28726.exe
2396	Unicorn-28172.exe
1988	Unicorn-47824.exe
2448	Unicorn-7175.exe
1876	Unicorn-19899.exe
2508	Unicorn-7367.exe
2496	Unicorn-4030.exe
2228	Unicorn-23621.exe
1180	Unicorn-40424.exe
2264	Unicorn-15452.exe
2000	Unicorn-35873.exe
2204	Unicorn-11451.exe
1904	Unicorn-12925.exe
2864	Unicorn-35188.exe
1484	Unicorn-19598.exe
2464	Unicorn-9500.exe
900	Unicorn-5416.exe

Loads dropped DLL 64 IoCs

pid	Process
1220	2bb495e8d1dc04788a04812d0045fd71.exe
1220	2bb495e8d1dc04788a04812d0045fd71.exe
1220	2bb495e8d1dc04788a04812d0045fd71.exe
2752	Unicorn-30444.exe
1220	2bb495e8d1dc04788a04812d0045fd71.exe
2752	Unicorn-30444.exe
2792	Unicorn-23319.exe
2776	Unicorn-56738.exe
2752	Unicorn-30444.exe
2752	Unicorn-30444.exe
2776	Unicorn-56738.exe
2792	Unicorn-23319.exe
2732	Unicorn-29946.exe
2736	Unicorn-58726.exe
2732	Unicorn-29946.exe
2736	Unicorn-58726.exe
2632	Unicorn-18248.exe
2632	Unicorn-18248.exe
1748	Unicorn-27004.exe
2008	Unicorn-18836.exe
2008	Unicorn-18836.exe
1748	Unicorn-27004.exe
1592	Unicorn-17767.exe
1592	Unicorn-17767.exe
2636	Unicorn-21389.exe
2636	Unicorn-21389.exe
1748	Unicorn-27004.exe
1748	Unicorn-27004.exe
1076	Unicorn-56801.exe
1076	Unicorn-56801.exe
2008	Unicorn-18836.exe
2008	Unicorn-18836.exe
2132	Unicorn-35307.exe
2132	Unicorn-35307.exe
2636	Unicorn-21389.exe
2636	Unicorn-21389.exe
1968	Unicorn-23609.exe
1968	Unicorn-23609.exe
1892	Unicorn-54658.exe
1892	Unicorn-54658.exe
1760	Unicorn-29557.exe
1076	Unicorn-56801.exe
1076	Unicorn-56801.exe
1760	Unicorn-29557.exe
2664	Unicorn-52390.exe
2664	Unicorn-52390.exe
900	Unicorn-60963.exe
900	Unicorn-60963.exe
1788	Unicorn-11015.exe
1788	Unicorn-11015.exe
1968	Unicorn-23609.exe
1968	Unicorn-23609.exe
1800	Unicorn-19376.exe
1800	Unicorn-19376.exe
2132	Unicorn-35307.exe
2132	Unicorn-35307.exe
1892	Unicorn-54658.exe
1892	Unicorn-54658.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2416	WerFault.exe
2500	Unicorn-61560.exe
2500	Unicorn-61560.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
2416	2360	WerFault.exe	49
2192	876	WerFault.exe	52
2768	2448	WerFault.exe	81
2940	568	WerFault.exe	103

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1220	2bb495e8d1dc04788a04812d0045fd71.exe
2752	Unicorn-30444.exe
2776	Unicorn-56738.exe
2792	Unicorn-23319.exe
2736	Unicorn-58726.exe
2632	Unicorn-18248.exe
2732	Unicorn-29946.exe
2008	Unicorn-18836.exe
1592	Unicorn-17767.exe
1748	Unicorn-27004.exe
2636	Unicorn-21389.exe
1076	Unicorn-56801.exe
2132	Unicorn-35307.exe
1760	Unicorn-29557.exe
2664	Unicorn-52390.exe
1968	Unicorn-23609.exe
1892	Unicorn-54658.exe
900	Unicorn-60963.exe
1800	Unicorn-19376.exe
1788	Unicorn-11015.exe
2360	Unicorn-107.exe
2300	Unicorn-37610.exe
2500	Unicorn-61560.exe
876	Unicorn-65452.exe
2284	Unicorn-16335.exe
1192	Unicorn-62795.exe
2672	Unicorn-42375.exe
1960	Unicorn-22509.exe
2708	Unicorn-51098.exe
2716	Unicorn-46822.exe
1584	Unicorn-22125.exe
548	Unicorn-21379.exe
2884	Unicorn-62411.exe
2488	Unicorn-62774.exe
1596	Unicorn-27238.exe
1652	Unicorn-52297.exe
612	Unicorn-47658.exe
2736	Unicorn-3096.exe
1048	Unicorn-21701.exe
2784	Unicorn-5919.exe
2880	Unicorn-58457.exe
1312	Unicorn-55525.exe
1120	Unicorn-59609.exe
1344	Unicorn-19982.exe
2292	Unicorn-7751.exe
1548	Unicorn-46023.exe
872	Unicorn-11923.exe
2200	Unicorn-19345.exe
1988	Unicorn-47824.exe
1272	Unicorn-28726.exe
2264	Unicorn-15452.exe
2508	Unicorn-7367.exe
2496	Unicorn-4030.exe
1876	Unicorn-19899.exe
2000	Unicorn-35873.exe
2396	Unicorn-28172.exe
1180	Unicorn-40424.exe
2228	Unicorn-23621.exe
1904	Unicorn-12925.exe
2204	Unicorn-11451.exe
2864	Unicorn-35188.exe
1484	Unicorn-19598.exe
2096	Unicorn-55001.exe
900	Unicorn-5416.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1220 wrote to memory of 2752	1220	2bb495e8d1dc04788a04812d0045fd71.exe	28
PID 1220 wrote to memory of 2752	1220	2bb495e8d1dc04788a04812d0045fd71.exe	28
PID 1220 wrote to memory of 2752	1220	2bb495e8d1dc04788a04812d0045fd71.exe	28
PID 1220 wrote to memory of 2752	1220	2bb495e8d1dc04788a04812d0045fd71.exe	28
PID 1220 wrote to memory of 2776	1220	2bb495e8d1dc04788a04812d0045fd71.exe	29
PID 1220 wrote to memory of 2776	1220	2bb495e8d1dc04788a04812d0045fd71.exe	29
PID 1220 wrote to memory of 2776	1220	2bb495e8d1dc04788a04812d0045fd71.exe	29
PID 1220 wrote to memory of 2776	1220	2bb495e8d1dc04788a04812d0045fd71.exe	29
PID 2752 wrote to memory of 2792	2752	Unicorn-30444.exe	30
PID 2752 wrote to memory of 2792	2752	Unicorn-30444.exe	30
PID 2752 wrote to memory of 2792	2752	Unicorn-30444.exe	30
PID 2752 wrote to memory of 2792	2752	Unicorn-30444.exe	30
PID 2752 wrote to memory of 2632	2752	Unicorn-30444.exe	32
PID 2752 wrote to memory of 2632	2752	Unicorn-30444.exe	32
PID 2752 wrote to memory of 2632	2752	Unicorn-30444.exe	32
PID 2752 wrote to memory of 2632	2752	Unicorn-30444.exe	32
PID 2776 wrote to memory of 2736	2776	Unicorn-56738.exe	33
PID 2776 wrote to memory of 2736	2776	Unicorn-56738.exe	33
PID 2776 wrote to memory of 2736	2776	Unicorn-56738.exe	33
PID 2776 wrote to memory of 2736	2776	Unicorn-56738.exe	33
PID 2792 wrote to memory of 2732	2792	Unicorn-23319.exe	34
PID 2792 wrote to memory of 2732	2792	Unicorn-23319.exe	34
PID 2792 wrote to memory of 2732	2792	Unicorn-23319.exe	34
PID 2792 wrote to memory of 2732	2792	Unicorn-23319.exe	34
PID 2732 wrote to memory of 1592	2732	Unicorn-29946.exe	35
PID 2732 wrote to memory of 1592	2732	Unicorn-29946.exe	35
PID 2732 wrote to memory of 1592	2732	Unicorn-29946.exe	35
PID 2732 wrote to memory of 1592	2732	Unicorn-29946.exe	35
PID 2736 wrote to memory of 2008	2736	Unicorn-58726.exe	36
PID 2736 wrote to memory of 2008	2736	Unicorn-58726.exe	36
PID 2736 wrote to memory of 2008	2736	Unicorn-58726.exe	36
PID 2736 wrote to memory of 2008	2736	Unicorn-58726.exe	36
PID 2632 wrote to memory of 1748	2632	Unicorn-18248.exe	37
PID 2632 wrote to memory of 1748	2632	Unicorn-18248.exe	37
PID 2632 wrote to memory of 1748	2632	Unicorn-18248.exe	37
PID 2632 wrote to memory of 1748	2632	Unicorn-18248.exe	37
PID 2008 wrote to memory of 1076	2008	Unicorn-18836.exe	39
PID 2008 wrote to memory of 1076	2008	Unicorn-18836.exe	39
PID 2008 wrote to memory of 1076	2008	Unicorn-18836.exe	39
PID 2008 wrote to memory of 1076	2008	Unicorn-18836.exe	39
PID 1748 wrote to memory of 2636	1748	Unicorn-27004.exe	38
PID 1748 wrote to memory of 2636	1748	Unicorn-27004.exe	38
PID 1748 wrote to memory of 2636	1748	Unicorn-27004.exe	38
PID 1748 wrote to memory of 2636	1748	Unicorn-27004.exe	38
PID 2636 wrote to memory of 2132	2636	Unicorn-21389.exe	42
PID 2636 wrote to memory of 2132	2636	Unicorn-21389.exe	42
PID 2636 wrote to memory of 2132	2636	Unicorn-21389.exe	42
PID 2636 wrote to memory of 2132	2636	Unicorn-21389.exe	42
PID 1592 wrote to memory of 1760	1592	Unicorn-17767.exe	41
PID 1592 wrote to memory of 1760	1592	Unicorn-17767.exe	41
PID 1592 wrote to memory of 1760	1592	Unicorn-17767.exe	41
PID 1592 wrote to memory of 1760	1592	Unicorn-17767.exe	41
PID 1748 wrote to memory of 2664	1748	Unicorn-27004.exe	45
PID 1748 wrote to memory of 2664	1748	Unicorn-27004.exe	45
PID 1748 wrote to memory of 2664	1748	Unicorn-27004.exe	45
PID 1748 wrote to memory of 2664	1748	Unicorn-27004.exe	45
PID 1076 wrote to memory of 1892	1076	Unicorn-56801.exe	44
PID 1076 wrote to memory of 1892	1076	Unicorn-56801.exe	44
PID 1076 wrote to memory of 1892	1076	Unicorn-56801.exe	44
PID 1076 wrote to memory of 1892	1076	Unicorn-56801.exe	44
PID 2008 wrote to memory of 1968	2008	Unicorn-18836.exe	43
PID 2008 wrote to memory of 1968	2008	Unicorn-18836.exe	43
PID 2008 wrote to memory of 1968	2008	Unicorn-18836.exe	43
PID 2008 wrote to memory of 1968	2008	Unicorn-18836.exe	43

C:\Users\Admin\AppData\Local\Temp\2bb495e8d1dc04788a04812d0045fd71.exe
"C:\Users\Admin\AppData\Local\Temp\2bb495e8d1dc04788a04812d0045fd71.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62411.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23621.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
        10⤵
        
        PID:568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 200
        11⤵
        Program crash
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11923.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        9⤵
        Executes dropped EXE
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
        10⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52866.exe
        11⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52996.exe
        12⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        13⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51801.exe
        14⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49616.exe
        13⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57635.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37992.exe
        12⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43550.exe
        13⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52273.exe
        12⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12880.exe
        13⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21389.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28172.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4030.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5919.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7367.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51098.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58457.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7175.exe
        9⤵
        Executes dropped EXE
        
        PID:2448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 148
        10⤵
        Program crash
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46023.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35352.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43738.exe
        11⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57189.exe
        12⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62399.exe
        13⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50244.exe
        14⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe
        15⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        14⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        12⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26207.exe
        13⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60545.exe
        14⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60908.exe
        13⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        12⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        13⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47909.exe
        14⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
        13⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47824.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19598.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49171.exe
        9⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22716.exe
        10⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15918.exe
        11⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        12⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
        13⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52102.exe
        14⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
        13⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
        11⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25740.exe
        12⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
        13⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23981.exe
        14⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
        13⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34628.exe
        12⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3752.exe
        13⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28751.exe
        9⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9539.exe
        10⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15918.exe
        11⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11771.exe
        12⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        13⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35958.exe
        14⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24260.exe
        13⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65452.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
        7⤵
        Program crash
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62774.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12925.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65315.exe
        9⤵
        
        PID:2212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54658.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
        8⤵
        Loads dropped DLL
        Program crash
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37610.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21379.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19345.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
        10⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
        11⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        12⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
        13⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21454.exe
        12⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22123.exe
        13⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23213.exe
        14⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31935.exe
        13⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23609.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11015.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28726.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3096.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7751.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4246.exe
        9⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14547.exe
        10⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
        11⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13416.exe
        12⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58678.exe
        12⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
        13⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
        14⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
        13⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
        11⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
        12⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19982.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5416.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
        10⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
        11⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
        12⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        13⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        14⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        13⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6545.exe
        11⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45859.exe
        12⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
        13⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7924.exe
        12⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        10⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20760.exe
        11⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10254.exe
        12⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2901.exe
        13⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-716.exe
        12⤵
        
        PID:3060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe

Filesize
184KB

MD5
3a0fd23911e2692c9ece1fa147557d37

SHA1
47d29eb8512cbaa449fb0f4c605413201daf9fce

SHA256
587ffa12319e3affac0ad701c640db1b5c8ec6ad63470c3cc063e765a5e6c66c

SHA512
03fe23bc6f5478212ec211fa920ae98b78e039e57c6bff6048b8bc7944be8a78017bf9591b6f28098a35e8dca432aae73a210460b3684b1887526e1cecc35ce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23609.exe

Filesize
184KB

MD5
35fb7830c71b51df47b06eae3da8d78d

SHA1
5168f0d8928e80c0bbc6ae245120a78c2779e688

SHA256
f81bdec8f125131c7100ba8db4247757c4df6d483506028c8ebba28eb97f1ea4

SHA512
2287fc49267739e459aa05587f15c642f33058f400da7434f9fe083a2ec452a895f63c93fa95f07825efc4385fb6b80b364b2a49531070f2dcd7371d47c36dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe

Filesize
184KB

MD5
454f89708814b83f6c3452e74ad4c957

SHA1
5b590fcf63f2a5d819292629a5ae57327618a079

SHA256
43592dc0c011b2d49e0e6648774203476a9ea683928cec77f07dec7bae2d5a41

SHA512
9de507f83db55bd1ff75ea61610bd07600dffaa180f49fc0b7c5c34c3b417e9e195fc73f5dad44b43ec10c30c02b5e417aa7973d92bcbeaf81f76c048be82777

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe

Filesize
184KB

MD5
752218e4693f9755cac54264a206c6a8

SHA1
506dca0b5afbbaa262a583da528abb78febe275e

SHA256
7c62ea962a9a0c761baa93802b9af00dc50e88c5100fc971afccb7a85435d867

SHA512
c3a2d00be12674fe108e7e4be1289306f72a09d6f4aabcfbd3d9f983484e55aafc5060a4f088e696c6a1df0f6efabdac720d843c957800e50fb2a6a5b96564cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54658.exe

Filesize
184KB

MD5
840df496ae5da71f5fd89e84a7054918

SHA1
966ebc2bfa20d359dbeb63de3c1cdf68b5f7bdab

SHA256
66eeea9e84f0a5df98c26c4525b91e2c1e2d968dc351cbd77f57b59b45935ae1

SHA512
f1827cb745cda22ad6afef52d4e74f24bbecb8d1326dd0c5fc8a6e863c4cb9826d0d8b1052f7c2cb192dd75b29b5f62e4108747f53ea42883ec506197e6896d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe

Filesize
184KB

MD5
3b8c6dd7662e48f6a8d751e64b6e2a8e

SHA1
507c6f56d45aa3ebdd0906b6271ecda95386b400

SHA256
9fbd9f8b48ca2e2931333323db3ec9190be11838ca6c8fd32b7d277977ae918d

SHA512
d33246375a7693652b5992826d6db42f8a14f66535a0511dcd34da45c9266e4dd10b293acaba51502b253472606650fe3d66cf234aa672cc88d69c2b0af93ade

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6601.exe

Filesize
184KB

MD5
c7770b86d5d9641e7207b878b8b8ff66

SHA1
ca27d1b587f9befbe2b9d6226c89730cca161099

SHA256
d5312eab96667b89cb23bcc514463f27cfb50bfd36a11fc973a445c82847d59b

SHA512
11945a9627ed5134e7f83d9b3f9c217dedcab184191a4bd5913e98260ec7174d28bdc7db70bd563790447d39fdda5575962b4edbf453273ceac11ad1b79befca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17767.exe

Filesize
184KB

MD5
a5228d14e0697020c08e16dbb7269acc

SHA1
eb379ec9c9ad85d489d328c16b001dd6dbcb2601

SHA256
6ca02afdb15bddbab51be6c9c3e3971bfc6fc063d00bc29b5d65b70ee98dde1a

SHA512
6a2edcb96015a5703346eb3a35a7601645e314655302b47db23cf6b99d358cd3ee11222fba3eb7c5ba70a65610665dafcc31c2a2c4c24aa5c6b08224e2dc374e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18248.exe

Filesize
128KB

MD5
7084d5b0cddf013372c44ccbeb5988ec

SHA1
07710b0e78e619b3563a1db732a366cfc8b7d3d2

SHA256
7cc0db60a4056b8aed4d7db6aca30dcf86eefc41205c4ef368204aba2404bee1

SHA512
78851158dbf7bbef774bbb36cd9d7e113e0c2e338673d7e0a1c3abbabcad072d7ead4543143459e921a0fbd399cfd21cda25a7580ce5018fc7a9627359d421ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe

Filesize
184KB

MD5
2db8954fdbd231954987d98d8f4daaae

SHA1
46f917c8b40b9566338d3f001d1eae45c1ef0810

SHA256
b76edd5103e863e3187a3baecf0024abb3d5c878b0a4c4e0acd09926cbefbe28

SHA512
ca3ef8af3bfdba114fe87bcafd6f0c54afe59b8bb8e2db9df82eb40ff199e3df011ffd5b7a017f8fe68425fd497892958bb96d1e74d418fd2a7ae52d363d81ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe

Filesize
184KB

MD5
1188b6a9c1718f9a29a7d0510a5134f6

SHA1
b71ac7cf21909fbef10bb426064a71ff603936df

SHA256
90b6e6da7df90fd7820670a1eac4d65b8f9b867d271f1f4c36d33c28b8c5d324

SHA512
89e1a14e4e6c180a0f31fc14dac18073fd5ba9dc37afd31e38bc319d51d10dd35d33ca2a666cc9d649e74b6976c1adb9563c5f8140f60bfd0830f499f74229fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21389.exe

Filesize
184KB

MD5
b646695bd87657117f1b337ad97869ac

SHA1
ad0db7f5886b78d47cd753def7c51d492fea8254

SHA256
ff23643e1e11f443fbbf753bf69cd2ded6c0cb8700091685de638981a34bde77

SHA512
b83d072175d3b21d354d607353c0674a8ce50e8e7f13c3a0b3eeb7bfe1011563c8c80b283c73ba70aa33234055cb7dd4b74c88045c9024bf05fc0a3cf713f198

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23319.exe

Filesize
184KB

MD5
3cfda9420fda69271d65c6e3e713d54c

SHA1
b87d56a3c3922980ace890b8fb9f131aeb7edd94

SHA256
00b1d3d45af88317f71de14a7ca0b5abd1edd811a4ddfe6daac20246b1dd2b2d

SHA512
868eeb0871c18119038363b8cc85ec133c27ae142b2bee9e2f4c48b67cbb83b7a42ae730b7810b188eb8ca2fd1b5235ac9814ac24b9a462df9b469d9e7f3a7c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe

Filesize
184KB

MD5
09df2d46aea5f9703085915137a3c86c

SHA1
b2aa93f7c1970e48e85a25dfb0d981d37e90ba3a

SHA256
d8d83b485c8e123287be21d322575adecd22b875a5e470da0f9a0d6ef83acb23

SHA512
61b632a64fc9c2cb7dc3884efa2f461e93d5e5803922d970a3fdcfeccd02705776e05cc73f595f6c2873bdc8f6a77dcdf2c54d8782d1d4a10bbbaf6326f72663

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29557.exe

Filesize
184KB

MD5
7540285fa32aed3db375313af8cc5bf9

SHA1
26c10f8656285deac79c5a15a508f739ebba5cee

SHA256
27249f2abf9791934cbb8fa4d80e76c94d3b014c62357c4b2a8757f14bda6d66

SHA512
60aef4565c4b969b81d6e59e1dfac75bc63ec6e8f1948268b7796f1f7791a6351db500aa9b73b36986b3b20271353edf23adb1732fa4876afca9172a5681aa08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe

Filesize
184KB

MD5
ab2d29dec82f107b9ab1547e5ff1e62f

SHA1
c786be52d6e9b0e5a2ef74ac2b57da983f9973f5

SHA256
04a082ba84e43c60e4a7f9021484ce5467f646203276a272cd6824a38816e735

SHA512
fcc7be834feb9cc518b83530b96b49809221a20f4d93c5d8e94281b030c345235c06bf548e462bd39d0b1b78fa279ab5ca3d1f44c883fe69b82d3a0d1e425d6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe

Filesize
184KB

MD5
3fadcebfe5445a1eed9fde8c4457f862

SHA1
2f1edf6d4839283a9f05b2a757e5518c9af24c0e

SHA256
dc24ad328e43389db62bd7c65f6781b91e6eeaf9fb0b7ac5b8c68f4157df9e0b

SHA512
d8da6bf7fb91ef1e292062fb8084cdd30eb9b077914f480d7e4972851ac49f01d649a97974e37ebaeb78a1f999273f53503e672f88c06090a8c97b62741abc55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe

Filesize
184KB

MD5
7b42977f5a2c663ba124356786bde8ef

SHA1
84a51dde23ac44a3ad26669e3ac09364788cab2e

SHA256
5b316e25418a166a05578cc6efb37b4ea9704655d620cd035ab20d5df653340d

SHA512
5166be6db413fc9031a5c8f1c9c9ece2f1e1d628b86f99ae17e06261c1f51e5a305ad7f4e2ab484447df5871f3386f2f70b867607b1be833fdcc598f94f81af8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56801.exe

Filesize
184KB

MD5
19dd106ae2f0521c3cf6a8020826c8a4

SHA1
3052feb5d79fd3d1ad6daaed1ec8471008d52b67

SHA256
c87c20bce90c943c6b11d9308cb67d2015951db49b04188c2991a36348ee0c51

SHA512
a1951852c804d7e3486dbdff1a7dfc6bd15a5f078e4ecbfa3d33e5e67fcfcf71528ab859fb8a1185838d46b9706b6fd4bae1b774b4fc15b0b0797268614846da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe

Filesize
169KB

MD5
ca63841956464aafe2f5f50c54735d41

SHA1
b1c655da3f4ad5a8f92c3df6c7789fb3048b43a6

SHA256
0f34634d365912e0821a95ae3f2510d69455ed85de207304ad97ed456ec22542

SHA512
fa79fba27e1a498417165eec35c87ae1d02c25359b6af03e3f90d08f12db9cfdedce07c4a855e68312580e33f40fb43c49c5ae913147357d1b3e50944405f9b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe

Filesize
64KB

MD5
42d715c97856cb56598e15cacc425dbf

SHA1
c0344e37bb8f0576deddd631423c41b31c3f0471

SHA256
f68b69270280f68dff2344c12ab8fb702ab16832b1d03e31f6c5aa56be511065

SHA512
c438321da88007158c9738adfa685274927be7d504cab4d615d44f5b7b8169906c3598cdb16e6db3857e4c068d225feecd56d12f93b892ddbf563755db180131

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60963.exe

Filesize
184KB

MD5
6e402db91add7193f4ef69909402fbfb

SHA1
5ca24901ff56541089e42a0af10058cd2166a9a2

SHA256
421cef5f0e1c10df8b8da584e635f41ef206b116c0ce560f636e47aab3c6200a

SHA512
3e66bc0cbd682fb154b351a9e5d2a8129a4c05cf2256471439669159ab69aedb73ecdbbe9c97403ed4a6093e005aefbb910c604952d31ee5227ee81c83142a6c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads